noc.git
Christian Pointner [Mon, 21 May 2018 00:45:46 +0000 (02:45 +0200)]
revamped temporary directories

Christian Pointner [Mon, 21 May 2018 00:11:06 +0000 (02:11 +0200)]
Merge pull request #16 from realraum/openwrt-image

Role for building OpenWrt images

nicoo [Mon, 21 May 2018 00:09:49 +0000 (02:09 +0200)]
Merge PR#12: add initial vm installer role

nicoo [Mon, 21 May 2018 00:01:13 +0000 (02:01 +0200)]
roles/openwrt-image: Cache downloaded files

Christian Pointner [Sun, 20 May 2018 23:52:24 +0000 (01:52 +0200)]
move openwrt image config to host_vars

nicoo [Sun, 20 May 2018 23:23:09 +0000 (01:23 +0200)]
tuer: Add sftp support

nicoo [Sun, 20 May 2018 23:12:26 +0000 (01:12 +0200)]
tuer: Add missing packages

nicoo [Sun, 20 May 2018 22:57:18 +0000 (00:57 +0200)]
roles/openwrt-image: Fixup directory modes

Christian Pointner [Sun, 20 May 2018 22:55:26 +0000 (00:55 +0200)]
added uci system settings

nicoo [Sun, 20 May 2018 22:22:56 +0000 (00:22 +0200)]
tuer: Add stuff for tuergit

nicoo [Sun, 20 May 2018 21:36:14 +0000 (23:36 +0200)]
fixup! roles/openwrt-image: Add support for setting file modes

nicoo [Wed, 16 May 2018 21:02:17 +0000 (23:02 +0200)]
tuer: Add AuthorizedKeys script for tuerctl

nicoo [Wed, 16 May 2018 21:00:17 +0000 (23:00 +0200)]
tuer: Replace dropbear with openssh-server

This is a work-in-progress, the configuration is currently broken...

We use /etc/ssh/authorized_keys.d so non-root users cannot edit
authorized keys.

nicoo [Wed, 16 May 2018 20:58:51 +0000 (22:58 +0200)]
fixup! roles/openwrt-image: Support creating users/groups

nicoo [Wed, 16 May 2018 19:36:44 +0000 (21:36 +0200)]
roles/openwrt-image: Support creating users/groups

nicoo [Wed, 16 May 2018 19:33:13 +0000 (21:33 +0200)]
roles/openwrt-image: Support configuring mountpoints

nicoo [Wed, 16 May 2018 19:32:27 +0000 (21:32 +0200)]
roles/openwrt-image: Natively support UCI configuration

nicoo [Wed, 16 May 2018 19:28:16 +0000 (21:28 +0200)]
tuer: Make installed binaries executable

nicoo [Sun, 6 May 2018 11:39:03 +0000 (13:39 +0200)]
roles/openwrt-image: Add support for setting file modes

nicoo [Sun, 6 May 2018 11:38:40 +0000 (13:38 +0200)]
roles/openwrt-image: Refactor openwrt-mixins

nicoo [Sun, 6 May 2018 11:14:09 +0000 (13:14 +0200)]
tuer: Disallow all password auth

Christian Pointner [Fri, 4 May 2018 22:05:31 +0000 (00:05 +0200)]
fix localconfig ssh user for openwrt hosts

Christian Pointner [Fri, 4 May 2018 21:06:13 +0000 (23:06 +0200)]
ansible: add todo message for nicoo

Christian Pointner [Fri, 4 May 2018 20:56:50 +0000 (22:56 +0200)]
ansible: copy resulting openwrt image to correct location

Christian Pointner [Fri, 4 May 2018 19:14:48 +0000 (21:14 +0200)]
cosmetic changes

nicoo [Fri, 4 May 2018 00:51:06 +0000 (02:51 +0200)]
Tuer firmware (WIP)

Christian Pointner [Tue, 24 Apr 2018 19:31:16 +0000 (21:31 +0200)]
ansible: vm/network role improvements

Christian Pointner [Tue, 24 Apr 2018 00:20:37 +0000 (02:20 +0200)]
added support for ubuntu/xenial to vm/install role

nicoo [Sun, 22 Apr 2018 21:24:58 +0000 (23:24 +0200)]
tuer: Avoid polluting the user's homedir with go crap

nicoo [Sun, 22 Apr 2018 21:16:23 +0000 (23:16 +0200)]
tuer: Build go binaries

nicoo [Thu, 19 Apr 2018 13:59:57 +0000 (15:59 +0200)]
Ansible playbook for building a torwaechter image (WIP)

nicoo [Thu, 19 Apr 2018 13:56:43 +0000 (15:56 +0200)]
Initial role for building OpenWRT images

nicoo [Sun, 22 Apr 2018 21:13:29 +0000 (23:13 +0200)]
Add torwaechter to inventory

Christian Pointner [Sun, 22 Apr 2018 19:25:17 +0000 (21:25 +0200)]
adapt vm install role to new inventory naming scheme

Christian Pointner [Sun, 22 Apr 2018 18:00:01 +0000 (20:00 +0200)]
ansible: merge master to vm-install branch

nicoo [Sun, 22 Apr 2018 15:49:32 +0000 (17:49 +0200)]
Merge PR#15: ansible: first proposal for nicer inventory names

nicoo [Sun, 22 Apr 2018 15:45:37 +0000 (17:45 +0200)]
Merge PR#14: ansible: Use variables for SSH keys

nicoo [Sun, 22 Apr 2018 15:43:15 +0000 (17:43 +0200)]
roles/vm-*: Move to roles/vm/*

Christian Pointner [Sun, 22 Apr 2018 11:59:37 +0000 (13:59 +0200)]
ansible: first proposal for nicer inventory names

Christian Pointner [Sun, 22 Apr 2018 10:46:07 +0000 (12:46 +0200)]
ansible: use variables for ssh keys

Christian Pointner [Sun, 22 Apr 2018 01:59:46 +0000 (03:59 +0200)]
installer role works now but still has issues

Christian Pointner [Sat, 21 Apr 2018 21:56:18 +0000 (23:56 +0200)]
add initial vm installer role

nicoo [Sat, 21 Apr 2018 20:22:17 +0000 (22:22 +0200)]
Merge PR#11: ansible vault: set trust-model to always

nicoo [Sat, 21 Apr 2018 20:18:03 +0000 (22:18 +0200)]
Merge PR#10: ansible: enable facts caching

Christian Pointner [Sat, 21 Apr 2018 20:17:25 +0000 (22:17 +0200)]
ignore all inside .cache/

Christian Pointner [Sat, 21 Apr 2018 20:15:28 +0000 (22:15 +0200)]
ansible: make facts caching directory hidden

Christian Pointner [Sat, 21 Apr 2018 20:09:32 +0000 (22:09 +0200)]
ansible: set trust-model to always for vault handling scripts

Christian Pointner [Sat, 21 Apr 2018 20:01:22 +0000 (22:01 +0200)]
ansible: enable facts caching

nicoo [Sat, 21 Apr 2018 19:52:50 +0000 (21:52 +0200)]
Merge PR#9: Ansible syntax cleanup and Documentation

Christian Pointner [Sat, 21 Apr 2018 19:39:30 +0000 (21:39 +0200)]
ansible: fix some typos

Christian Pointner [Sat, 21 Apr 2018 19:31:26 +0000 (21:31 +0200)]
ansible: spell checking

Christian Pointner [Sat, 21 Apr 2018 19:23:42 +0000 (21:23 +0200)]
ansible: updated vault readme

Christian Pointner [Sat, 21 Apr 2018 19:21:17 +0000 (21:21 +0200)]
ansible: updated readme

Christian Pointner [Sat, 21 Apr 2018 19:14:11 +0000 (21:14 +0200)]
ansible: updated readme

Christian Pointner [Sat, 21 Apr 2018 19:06:59 +0000 (21:06 +0200)]
ansible: add some docs on how to use this

Christian Pointner [Sat, 21 Apr 2018 18:55:52 +0000 (20:55 +0200)]
ansible: file names and locations cleanup

Christian Pointner [Sat, 21 Apr 2018 18:19:17 +0000 (20:19 +0200)]
ansible: cleanup yaml syntax

Nicolas Braud-Santoni [Sat, 21 Apr 2018 17:45:31 +0000 (19:45 +0200)]
Merge pull request #8 from realraum/remove-grml-debs

remove grml etc/scripts packages as we now deploy zsh config via ansible

Christian Pointner [Sat, 21 Apr 2018 17:37:41 +0000 (19:37 +0200)]
remove grml etc/scripts packages as we now deploy zsh config via ansible

Christian Pointner [Sat, 21 Apr 2018 17:29:03 +0000 (19:29 +0200)]
ansible: base role now applies on all hosts without changes

Christian Pointner [Sat, 21 Apr 2018 17:08:30 +0000 (19:08 +0200)]
ansible: fix reserved variable warning

Nicolas Braud-Santoni [Sat, 21 Apr 2018 16:59:07 +0000 (18:59 +0200)]
Merge pull request #5 from realraum/ansible-fixup

Make Ansible-based automation work

nicoo [Sat, 21 Apr 2018 16:58:47 +0000 (18:58 +0200)]
ansible/role/localconfig: Minor cleanup

nicoo [Sat, 21 Apr 2018 16:55:21 +0000 (18:55 +0200)]
Revert "ansible/ssh: Update key for nicoo"

This reverts commit 458d4134631a83d88cc3cccb99eb0fe184920aa8.

My smartcard is currently dead, so I cannot use `nicoo@card.pub`

Christian Pointner [Sat, 21 Apr 2018 16:43:06 +0000 (18:43 +0200)]
add safeguard for overwriting ssh config

Christian Pointner [Sat, 21 Apr 2018 16:38:11 +0000 (18:38 +0200)]
added workaround for ansible bug

Christian Pointner [Sat, 21 Apr 2018 15:53:30 +0000 (17:53 +0200)]
added (not yet finished) localconfig role

Christian Pointner [Thu, 22 Mar 2018 22:08:52 +0000 (23:08 +0100)]
realraum is spelled with small letters

nicoo [Tue, 20 Mar 2018 21:36:19 +0000 (22:36 +0100)]
Add pictures of core network locations

nicoo [Tue, 20 Mar 2018 21:36:01 +0000 (22:36 +0100)]
Add (start of) Network documentation

Christian Pointner [Wed, 29 Nov 2017 20:58:48 +0000 (21:58 +0100)]
added license, fixes #7

nicoo [Fri, 17 Nov 2017 13:49:14 +0000 (14:49 +0100)]
ansible: Allow SSH for git@vex.realraum.at

nicoo [Fri, 17 Nov 2017 13:22:41 +0000 (14:22 +0100)]
ansible/role/base: Fixup the sshd_allowusers mess

nicoo [Fri, 17 Nov 2017 13:15:08 +0000 (14:15 +0100)]
Merge branch 'master' into ansible-fixup

Bernhard Tittelbach [Wed, 15 Nov 2017 18:02:09 +0000 (19:02 +0100)]
fixes issue #6

nicoo [Wed, 15 Nov 2017 03:32:15 +0000 (04:32 +0100)]
Merge PR#4: doc/ACME: Document cert. acquisition for LAN services

No review seems forthcoming, and this is already deployed.

nicoo [Wed, 25 Oct 2017 19:25:26 +0000 (21:25 +0200)]
doc/ACME: Document cert. acquisition for LAN services

nicoo [Wed, 15 Nov 2017 03:29:47 +0000 (04:29 +0100)]
doc/Servers: Specify that VMs aren't listed

nicoo [Wed, 15 Nov 2017 01:53:42 +0000 (02:53 +0100)]
ansible: Manage vex too

nicoo [Wed, 15 Nov 2017 00:43:33 +0000 (01:43 +0100)]
ansible/roles/base: Light refactoring

nicoo [Wed, 15 Nov 2017 00:31:42 +0000 (01:31 +0100)]
ansible: Only allow SSH from group SSH on wuerfel

nicoo [Wed, 15 Nov 2017 00:30:32 +0000 (01:30 +0100)]
ansible: Allow SSH for extra users on ctf

nicoo [Tue, 14 Nov 2017 23:53:14 +0000 (00:53 +0100)]
ansible: Allow SSH for extra users on athsdisc

nicoo [Tue, 14 Nov 2017 23:51:17 +0000 (00:51 +0100)]
ansible/roles/base: Set XDG_RUNTIME_DIR as required by systemd

nicoo [Tue, 14 Nov 2017 23:50:07 +0000 (00:50 +0100)]
ansible/roles/base: Fix mode on ZSH files and install a zprofile

nicoo [Tue, 14 Nov 2017 23:30:52 +0000 (00:30 +0100)]
ansible/roles/base: Install python-apt

It's required to be able to run Ansible's apt module in check mode.

nicoo [Tue, 14 Nov 2017 23:26:40 +0000 (00:26 +0100)]
ansible: Don't attempt to manage the alix boxes for now

nicoo [Tue, 14 Nov 2017 23:23:16 +0000 (00:23 +0100)]
ansible/roles/base: Remove unnecessary filter delimiters

Those trigger a warning in Ansible 2.4 and later

nicoo [Tue, 14 Nov 2017 23:22:11 +0000 (00:22 +0100)]
ansible: Set a longer connection timeout

My smartcard can only perform so many signatures per second

nicoo [Tue, 14 Nov 2017 23:01:30 +0000 (00:01 +0100)]
ansible/hosts: Drop tools.mgmt.realraum.at (VM decommissioned)

nicoo [Tue, 14 Nov 2017 23:01:05 +0000 (00:01 +0100)]
Get ansible running without hardcoding admin-specific SSH config

nicoo [Tue, 14 Nov 2017 21:49:32 +0000 (22:49 +0100)]
ansible: Add host metrics

nicoo [Thu, 2 Nov 2017 19:50:33 +0000 (20:50 +0100)]
roles/base: Also install `net-tools`

That package contains tcpdump and other goodies.

nicoo [Thu, 2 Nov 2017 19:49:45 +0000 (20:49 +0100)]
ansible/ssh: Update key for nicoo

nicoo [Thu, 2 Nov 2017 18:52:23 +0000 (19:52 +0100)]
Add README.md

nicoo [Thu, 2 Nov 2017 18:49:56 +0000 (19:49 +0100)]
Add 'ansible/' from commit 'b7c82bb97cefa1a1d70b4348953249b84190c022'

git-subtree-dir: ansible
git-subtree-mainline: d658e913a93e71a204b35d73189168d5cec0aa1e
git-subtree-split: b7c82bb97cefa1a1d70b4348953249b84190c022

nicoo [Fri, 6 Oct 2017 20:46:24 +0000 (22:46 +0200)]
doc/Servers: Specify that VMs aren't listed

Christian Pointner [Wed, 26 Apr 2017 17:54:17 +0000 (19:54 +0200)]
added better key handling for vault secret

Christian Pointner [Tue, 4 Apr 2017 21:53:22 +0000 (23:53 +0200)]
apt norecommends file permission less strict

Christian Pointner [Sat, 1 Apr 2017 02:06:29 +0000 (04:06 +0200)]
don't install dbus and pam-systemd on non-systemd hosts